  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 453

Using virtualized domain controller as NTP source ?

Hi,

I'm currently planning to change the current NTP provider from an old physical Windows 2003 server to the new Windows Server 2008 R2 Domain Controller running as a VMware virtual machine.

So what are the caveats or the steps that I need to know to avoid any issues in using a VM as the NTP source for the entire company / Data Centre?

Do I have to transfer the FSMO role to another Domain Controller to do this, or is this just a simple Group Policy change to point to another virtualized Domain Controller?

Thanks.
0
Senior IT System Engineer
 
VB ITS, Specialist Consultant, Commented:
As far as the NTP clients are concerned, it's just a change in Group Policy. They won't know if the NTP server is a VM or not, nor will they care.

Before you set your 2008 R2 DC as the NTP server for your entire domain, make sure you've disabled the time synchronization between the host and the VM, otherwise you may experience issues with time drift even if you configure the server to use an external time source.

On that topic - what do you plan on using as your time source on the 2008 R2 DC? Will you be using an external time source such as ntp.pool.org?
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
Yes, correct. I will be using the pool.ntp.org list, with a space between the entries in the GPO.

How do I disable the time sync with the ESXi hosts?
0
 
VB ITS, Specialist Consultant, Commented:
See the steps in this article to disable time synchronization in ESXi: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1189

You'll need to shut down the VM and follow the steps in the above article if you want to completely disable time synchronization.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Make sure that the old and new NTP Servers are running and issuing the same time!
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
Thanks for the suggestion, Andrew.

What do you mean by old and new?
Do you mean I must check both the VM and the physical box so that there is no more than 5 minutes' difference?
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
And last question... Do I need to transfer the FSMO role PDC emulator from this physical Windows 2003 box to the Windows 2008 R2 VM?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Hang on, I've just seen this... do you have the option of using an external NTP source on the ESXi hosts, rather than a virtual machine?

We set up as follows:

1. ESXi hosts - External Time Source

2. Windows PDC Emulator - External Time Source (same source as 1)

3. Do not Sync time to hosts in the VMs.

4. Windows VMs in the Domain will get time from PDC emulator

5. Linux/Unix VMs external time source as 1.

(otherwise you have an issue when ESXi starts, there is no time source available because the VM is not started, and if the time is apart by over 1/2mins it will not sync)
0
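The layout described above (PDC emulator syncing to an external source, with the old and new servers checked against each other first), as an added example that is not part of any poster's reply. It is meant to be run on the new DC; the host names are placeholders, and the `0x8` client-mode flag and the one-second threshold are assumptions.

```powershell
# Added example. Host names are placeholders, not values from this thread.
$OldNtp  = 'OLD-NTP-2003'     # placeholder: current physical Windows 2003 time server
$NewDc   = 'NEW-DC-2008R2'    # placeholder: new virtual Windows Server 2008 R2 DC
$Peers   = '0.pool.ntp.org,0x8 1.pool.ntp.org,0x8 2.pool.ntp.org,0x8'  # space-separated
$MaxSkew = 1.0                # assumed acceptance threshold, in seconds

# Average offset (seconds) between this machine and $Computer, parsed from
# w32tm stripchart lines such as "10:15:02, +00.0123456s".
function Get-NtpOffset([string]$Computer, [int]$Samples = 5) {
    $out  = w32tm /stripchart /computer:$Computer /samples:$Samples /dataonly
    $vals = @($out | ForEach-Object {
        if ($_ -match ',\s*([+-]\d+\.\d+)s') { [double]$Matches[1] }
    })
    if ($vals.Count -eq 0) { throw "No NTP samples from $Computer (is UDP 123 reachable?)" }
    ($vals | Measure-Object -Average).Average
}

# 1. See which DC currently holds the PDC emulator role.
netdom query fsmo

# 2. Before repointing clients or devices, confirm the old and new servers
#    hand out the same time.
$skew = [math]::Abs((Get-NtpOffset $OldNtp) - (Get-NtpOffset $NewDc))
"Skew between {0} and {1}: {2:N3} s" -f $OldNtp, $NewDc, $skew
if ($skew -gt $MaxSkew) { Write-Warning "Servers disagree by more than $MaxSkew s" }

# 3. Point this DC at the external pool and mark it as a reliable source.
w32tm /config "/manualpeerlist:$Peers" /syncfromflags:manual /reliable:yes /update
Restart-Service w32time
w32tm /resync /rediscover

# 4. Verify: the source should be a pool host, not "VM IC Time Synchronization
#    Provider", "Local CMOS Clock" or "Free-running System Clock".
w32tm /query /source
w32tm /query /status
```

Re-run step 2 after step 3 has settled; a skew that grows again over time points at host-to-guest time synchronization still being active on the VM.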
 
Senior IT System Engineer, IT Professional, Author, Commented:
Hmm, I got confused myself here.

So my initial plan is to do the following:

All Windows servers and workstations sync to the new Windows Server 2008 R2 VM (not yet PDC emulator). This VM is synchronized to the external source of pool.ntp.org --> I'm wondering whether I have to transfer the FSMO role to the new Win2008 R2 VM or whether that is not necessary.

All ESXi hosts sync to this one VM above.
All network devices (switch, router, SAN, NAS, etc...) sync to the same Windows 2008 R2 VM.

Would that be possible ?
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
Windows and Workstations will sync against the domain, so, no need to change anything there.

Yes, that's a good plan.
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
Cool, thanks for the quick reply.

So why does your configuration for ESXi point to the external NTP source rather than the Windows PDC role VM?
I'm curious to know the reasoning behind your configuration #1 (1. ESXi hosts - External Time Source).

As for configuration #3 (3. Do not Sync time to hosts in the VMs.), it is only the PDC emulator role VM that does not sync with the ESXi servers.
0
 
Andrew Hancock (VMware vExpert / EE MVE^2), VMware and Virtualization Consultant, Commented:
We have seen the NTP service on the ESXi host stop, and if you are syncing VMs with the host, they get the wrong time, so hence, sync time with domain.

We always like to sync servers with an external time source, we have seen issues on occasion with ESXi syncing with Domain, also we like to sync Physical Host to Physical Device, we have GPS and NTP Appliances.
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
Ah, I see.

So by "ESXi syncing with Domain", do you mean the issues occurred when ESXi synced the time with the PDC emulator role running as a VM?
0
 
Senior IT System Engineer, IT Professional, Author, Commented:
Thanks !
0
